LOGIN_EXEMPT_URLS not working for application's urls

[netvoip]

I have configured LOGIN_EXEMPT_URLS and it's working for admin page but for nested urls of application it isn't. What is the proper way to handle it?

AUTH_ADFS = {
    "LOGIN_EXEMPT_URLS": [
                          "admin/",
                          "chat/nosso/",
                          ],
}

urlpatterns = [
    path('chat/', include("chat.urls")),
]

[JonasKs]

It's regex, so you could add a * or similar at the end.

E.g. apis/*

[netvoip]

I tried with *, didn't help. Is there any way to debug such things?

[tim-schilling]

Is there any way to debug such things?

One option is to add a breakpoint() near the code that handles this to understand what it's not being matched. You could also use an IDE's debugger.

[netvoip]

I put breakpoint on view and didn't find any problem. Path is as expected and LOGIN_EXEMPT_URLS variable value contains it.
Also weird thing, I tried to open "mysite/oauth2/login_no_sso" page and it leads to ADFS login page.

[mgargiullo]

I'm now seeing this error as well

[JonasKs]

Please provide an example GitHub repo we can look at, or enough context for us to reproduce.

[netvoip]

I returned back to the issue since no SSO became needed. Still no changes. Here is my config.

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django_auth_adfs.middleware.LoginRequiredMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
AUTH_ADFS = {
    "SERVER": "federation",
    "CA_BUNDLE": False,
    "CLAIM_MAPPING": {"first_name": "given_name",
                      "last_name": "family_name",
                      "email": "email"},
    "USERNAME_CLAIM": "winaccountname",
    "GROUPS_CLAIM": "group",
    "LOGIN_EXEMPT_URLS": [
                          "admin/",
                          "chat/nosso/",
                          r"chat/nosso/*",
                          ],
}
LOGIN_URL = "django_auth_adfs:login"
LOGIN_REDIRECT_URL = '/'

I added some prints to the middleware, that's the output

runserver HTTP POST /accounts/logout/ 200 [0.05, 127.0.0.1:20377]
--> not authenticated. path is chat/nosso/
found in exempt urls
runserver HTTP GET /chat/nosso/ 302 [0.01, 127.0.0.1:20379]
--> not authenticated. path is oauth2/login
found in exempt urls
django_auth_adfs config.py [_load_openid_config() 251] [INFO] Trying to get OpenID Connect config from ...
runserver HTTP GET /oauth2/login?next=/chat/nosso/ 302 [0.07, 127.0.0.1:20380]
--> not authenticated. path is chat/nosso/
@@ found in exempt urls
runserver HTTP GET /chat/nosso/ 302 [0.00, 127.0.0.1:20382]
--> not authenticated. path is oauth2/login
@@ found in exempt urls
runserver HTTP GET /oauth2/login?next=/chat/nosso/ 302 [0.00, 127.0.0.1:20383]
--> not authenticated. path is oauth2/callback
@@ found in exempt urls
runserver HTTP GET /oauth2/callback?code=... 302 [0.08, 127.0.0.1:20385]
user is authenticated
runserver HTTP GET /chat/nosso/ 200 [0.05, 127.0.0.1:20387]

Redirect is still happening even when path is found in exempt urls. Federation server is on Windows 2016.

[tim-schilling]

@netvoip sorry, but that's not enough for us to go off of. I spent some time writing up tests for the middleware and it works as expected. You can see them in #368